Digital Forensics Analyst

Company Description
We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.
Here you can be your authentic self. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. Our Diversity, Equity and Inclusion initiatives, coupled with our Corporate Social Responsibility work, is informed by our employees, audiences, park guests and the communities in which we live. We strive to foster a diverse, equitable and inclusive culture where our employees feel supported, embraced and heard. Together, we'll continue to create and deliver content that reflects the current and ever-changing face of the world.
Job Description
NBCUniversal's Cyber Defense Operations team is responsible for providing operational support for the layered defense of tools and capabilities deployed at NBCUniversal to support the Threat Operations lifecycle in a highly collaborative, fast paced, and agile fashion. The Cyber Investigator provides expert-level contributions to NBCU's Cyber Defense Team by protecting the company's critical assets from internal threats and reducing overall risk. This senior level position will be looked upon as a subject matter expert (SME) in the fields of digital forensics, insider threat, and cyber investigations.
The ideal candidate would have a working knowledge of current and relevant security technologies and how to apply them to cyber investigation activities. A clear investigative methodology with a focus on preserving evidence and analyzing data to form conclusions that will steer investigation directions. Experience responding to multi-faceted security issues and assisting with the coordination of subsequent enforcement activities and efforts prioritizing mission critical elements.
Finally, a successful candidate will effectively communicate the findings of key Cyber investigations and services to deliver succinct and biased free summaries to the stakeholders.
Position Responsibilities:
Insider Threat

• Perform highly sensitive and confidential investigations, including digital forensic analysis, involving internal risks such as employee misconduct, intellectual property theft, embezzlement, misuse, harassment, and physical security threats.
• Lead proactive efforts to identify, disrupt, and protect NBCU from any internal threats that may undermine the integrity and operations of the business.
• Work closely with HR, legal, and compliance teams to address insider threat incidents.
• Monitor user activity and behavior to detect signs of potential insider threats.
• Investigate suspicious activities and incidents related to insider threats.

DLP

• Monitor and analyze DLP alerts to identify potential data leakage incidents.
• Develop and enforce DLP policies, rules, and best practices.
• Collaborate with IT and security teams to integrate DLP controls with other security measures.

Digital Forensics

• Conduct forensic analysis of physical devices and other electronic data sources in support of internal investigations and other legal requests using forensically sound processes.
• Provide subject matter guidance and work collaboratively with incident response and other cyber security teams in the event of a cross-functional investigation.
• Drive continuous improvement across the cyber investigations group and its processes.
• Utilize a range of data sources, systems, and tools to collect, search, recover, sort, and organize large volumes of digital evidence during all phases of the investigative process.
• Develop and maintain evidence collection methodologies as technology evolves
• Collect and preserve electronically stored evidence and digital media using repeatable and defensible procedures, ensuring chain of custody throughout the evidence lifecycle.
• Deliver clear and meaningful results and associated reporting to requestors of various levels across the organization.
• Maintain awareness of new forensic technology, techniques, and industry best practices.
• Maintain the Forensics Infrastructure
• Mentor junior level security professionals and periodically perform quality review of their work.
• Assist team leadership with the development, collection, and publication of metrics that illustrate team performance and highlight obstacles thwarting team potential.

Qualifications

• Minimum of 5 years' experience in computer forensics, investigations, or similar information security discipline leading digital investigations following legally sound practices (including chain of custody).
• Working knowledge and proven experience with current digital forensic best practices and methodologies.
• Demonstrated expertise in both working in and handling extremely confidential investigations.
• Experience with forensic technologies such as EnCase, AXIOM, and Cellebrite.
• Experience with emerging cloud technology services and their effect on digital investigations.
• Good understanding of possible methods of internal and external data movement and exfiltration.
• Ability to navigate a complex global network as part of the investigative research process.
• Familiarity with processes and technologies for collections from mobile device platforms.
• Strong understanding of enterprise email systems including Office 365 and MS Exchange.
• Experience in Investigations (Corporate/Law Enforcement/Government/Military)
• Experience with enterprise level SIEM and/or DLP tools such as Splunk, Crowdstrike, and/or Exabeam.

Personal Attributes:

• Self-starter with a sense of urgency who takes ownership and responsibility for service delivery.
• Works independently with minimal guidance while also working collaboratively with the team to achieve strategic goals.
• Professional, clear, and concise communication to both technical and non-technical audiences.
• Excellent analytical ability, sharp attention to detail, creative problem solving, and consultative skills.
• Proven organizational skills (time management and prioritization).
• Position requires access to highly sensitive confidential material; integrity and discretion are mandatory.

Formal Education & Certification

• Bachelor of Science in Computer Science, Information Systems, Software Engineering, Criminal Justice, or any combination of education and relevant experience.

Preferred Certifications:

• EnCase Certified Examiner - EnCE
• GIAC Certified Forensic Analyst - GCFA
• GIAC Certified Forensic Examiner - GCFE
• Certified Forensic Computer Examiner - CFCE
• Certified Information Systems Security Professional - CISSP
• NOTE: An equivalent combination of experience, education and/or training may be substituted for the listed minimum requirements.

Occasional travel may be required, but less than 10% of the time.
Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee's residence.
This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $80,000 - $100,000
Additional Information
NBCUniversal's policy is to provide equal employment opportunities to all applicants
\nand employees without regard to race, color, religion, creed, gender, gender identity
\nor expression, age, national origin or ancestry, citizenship, disability, sexual
\norientation, marital status, pregnancy, veteran status, membership in the uniformed
\nservices, genetic information, or any other basis protected by applicable law.
If you are a qualified individual with a disability or a disabled veteran, you have the
\nright to request a reasonable accommodation if you are unable or limited in your
\nability to use or access nbcunicareers.com as a result of your disability. You can
\nrequest reasonable accommodations by emailing [email protected].